我試圖將數據從edit1.php中的表單更新到setswim.php ,但它提供了錯誤: 警告:mysqli的::查詢():用C空查詢:\ XAMPP \ htdocs中\ admin於線\ setswim.php 13警告:mysqli :: query():在第13行的C: xampp htdocs admin setswim.php中的空查詢
edit1.php
<html>
<body>
<center>
<?php
$d=$_GET['id'];
include "includes/db.php";
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if ($result = $con->query("SELECT * FROM students WHERE student_number='".$d."'"))
{
if ($result->num_rows > 0)
{
while ($row = $result->fetch_object())
{
$number= $row->student_number;
\t \t \t \t \t \t \t \t \t \t \t \t $n= $row->student_name;
\t \t \t \t \t \t \t \t \t \t \t \t $d= $row->student_last;
\t \t \t \t \t \t \t \t \t \t \t \t $a= $row->id_student;
\t \t \t \t \t \t \t \t \t \t \t $b= $row->student_address;
\t \t \t \t \t \t \t \t \t \t \t \t $c= $row->student_collage;
\t \t \t \t \t \t \t \t \t \t \t \t $d= $row->student_datebirth;
\t \t \t \t \t \t \t \t \t \t \t \t $price= $row->student_email ;
}
}
else
{
echo "No results to display!";
}
}
?>
<html>
<body ><center>
<form action="setswim.php?id='"<?php echo $d;?>"' method="post" enctype="multipart/form-data">
<BR><BR><BR><font color="red">
number: <input type="text" name="student_number" value="<?php echo $number;?>"> <br>
student_name: <input type="text" name="student_name" value="<?php echo $n;?>"> <br>
student_last: <input type="text" name="student_last" value="<?php echo"$d";?>"> <br>
id student: <input type="text" name="id_student" value="<?php echo $a;?>"> <br>
student address: <input type="text" name="student_address" value="<?php echo $b;?>"> <br>
student collage: <input type="text" name="student_collage" value="<?php echo $c;?>"> <br>
birthday: <input type="text" name="student_datebirth" value="<?php echo $d;?>"> <br>
student_email: <input type="text" name="student_email" value="<?php echo"$price";?>"> <br>
<BR><BR><BR>
<br><input type="submit" name="submit" value="submit">
</form>
</center>
</font>
</center>
<?php include("adding.php"); ?>
</body>
</html>
和setswim.php
<?php
\t include "includes/db.php";
\t $checklogin = mysqli_query($con,"SELECT * FROM `students`");
?>
<?php
if(isset($_POST['submit'])) {
$sql=mysqli_query($con,"UPDATE students SET student_number='".$_POST['student_number']."',student_name='".$_POST['student_name']."',student_last='".$_POST['student_last']."',id_student='".$_POST['id_student']."',student_address='".$_POST['student_address']."',student_collage='".$_POST['student_collage']."',student_datebirth='".$_POST['student_datebirth']."',student_email='".$_POST['student_email']."'");
// $result = mysqli_query($con,$sql);
\t \t $result = $con->query($sql);
if (!$result) {
mysqli_error($con)."[ $sql]";
}
}
\t \t
?>
<?php
include "includes/db.php";
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if ($result = $con->query("SELECT * FROM students "))
{
if ($result->num_rows > 0)
{
\t \t \t \t \t \t \t \t echo "<table border='1' cellpadding='11'>";
echo " <tr> <th><font color=green size=3>Number of Student</font></th><th><font color=red size=5>Name</font></th> <th><font color=red size=5>Last Name</font></th> <th><font color=red size=5>id student</font></th> <th><font color=red size=5>emaill</font></th><th><font color=red size=5>Address</font></th><th><font color=red size=5>Collage</font></th><th><font color=blue size=5>Date Birth</font></th><th><font color=red size=5>Edit</font></th><th><font color=red size=5>Delete</font></th> </tr>";
while ($row = $result->fetch_object())
{
echo "<tr>";
//echo "<td>" . $row->ID. "</td>";<th>ID</th>
echo "<td style='test-align:center;'><small><strong>" . $row->student_number . "</small></strong></td>";
\t \t \t \t \t \t \t \t \t \t \t \t echo "<td style='test-align:center;'><small>" . $row->student_name . "</small></td>";
\t \t \t \t \t \t \t \t \t \t \t \t echo "<td style='test-align:center;'><small>" . $row->student_last . "</small></td>";
echo "<td style='test-align:center;'><strong>ID:</strong><small> ".$row->id_student. "</small></td>";
\t \t \t \t \t \t \t \t \t \t \t \t echo "<td style='test-align:center;'><small>" . $row->student_email . "</small></td>";
\t \t \t \t \t \t \t \t \t \t \t \t echo "<td style='test-align:center;' ><small>" . $row->student_address. "</small></td>";
\t \t \t \t \t \t \t \t \t \t \t \t \t \t echo "<td style='test-align:center;' ><small>" . $row->student_collage. "</small></td>";
\t \t \t \t \t \t \t \t \t \t \t \t \t \t echo "<td style='test-align:center;'><small>" .$row->student_datebirth."</small></td>";
echo "<td><a href='edit1.php?id=" . $row->student_number . "'>Edit</a></td>";
echo "<td><a href='delswim.php?id=" . $row->student_number . "'>Delete</a></td></small></small>";
echo "</tr>";
}
echo "</table>";
}
else
{
echo "No results to display!";
}
}
else
{
echo "Error: " . $con->error;
}
$con->close();
\t \t \t \t ?>
\t \t \t \t
\t \t \t
</center>
錯誤: 警告:mysqli的查詢::():用C空查詢:\ XAMPP \ htdocs中\ ADMIN \上線setswim.php 13
您的代碼容易受到[** SQL注入攻擊**](https://en.wikipedia.org/wiki/SQL_injection)的影響。你應該使用[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https://secure.php.net/ manual/en/pdo.prepared-statements.php)準備帶有綁定參數的語句,如[**這篇文章**]所述(https://stackoverflow.com/questions/60174/how-can-i-prevent-sql步噴射功能於PHP)。 –
嗯,我想你調用'$ con> query'時會出錯,因爲有時候你會發送一個mysqli結果對象,有時候你會發送一個字符串。需要查看你的db.php代碼才能看到幕後發生了什麼。 –
在setswim.php中,您正在嘗試將mysqli_result傳遞到'$ result = $ con> query($ sql);'中的mysqli_query。這是行不通的。 – aynber